Security Made, Not Perfect, But Automatic

Threats to computer systems have been increasing over the past few years. Given the dependence of society and businesses on computers, we have been spending every day more to make computer systems and networks secure enough. Yet, current practice and technology are based on intrusion prevention, and incorporate a lot of ad hoc procedures and man power, without being anywhere near perfect, for reasonable scale systems. Maybe the next quantum leap in computer systems security is to make it automatic, so that it can be cheap and effective. The first possibility that comes to mind is to make systems out of tamper-proof components, also said fully trustworthy: perfect components → perfect security, all else being correct. Though this lied at the basis of the trusted computing base work in the eighties, it is known today that it is impossible in practice to implement reasonably complex systems whose components are vulnerability free. This implies that systems in general cannot be made perfectly secure under the prevention paradigm. One interesting approach relies on providing some isolation between virtual machines residing on a same hardware machine, which can then act as if they were separate computers (see Figure 1).